[PATCH 0/2] Remove 1.7 privilege compatibility mode
Serge Petrenko
sergepetrenko at tarantool.org
Tue Oct 30 16:31:59 MSK 2018
We assume that if user has READ + WRITE on an object, it also has
CREATE + ALTER + DROP on an object. This was needed for compatibility
with old versions which didn't have CREATE, ALTER, DROP ACLs.
Now it's time to remove this compatibility mode.
The first patch removes this compatibility mode.
The second patch adds an upgrade script to automatically
grant CREATE, ALTER, DROP to everyone with READ and WRITE
on upgrade to 2.1.0
https://github.com/tarantool/tarantool/issues/3539
https://github.com/tarantool/tarantool/tree/sp/gh-3539-remove-legacy-grants
Serge Petrenko (2):
box: remove compatibility mode for privileges
box: autogrant CREATE,ALTER,DROP to users with READ+WRITE
src/box/alter.cc | 55 +++++++++++++++-------------------------
src/box/lua/upgrade.lua | 31 ++++++++++++++++++++++
test/box/access.result | 40 +++++++++++++++++++++++------
test/box/access.test.lua | 18 +++++++++----
test/sql/iproto.result | 6 +++++
test/sql/iproto.test.lua | 2 ++
6 files changed, 105 insertions(+), 47 deletions(-)
--
2.17.1 (Apple Git-112)
More information about the Tarantool-patches
mailing list